Hi All,
We're having problems setting up ftp and authenticating against the postgres database.
We've reviewed these pages and a few others: Galaxy Page: https://wiki.galaxyproject.org/Admin/Config/UploadviaFTP
Peter Briggs Blog Post: http://galacticengineer.blogspot.co.uk/2015/02/ftp-upload-to-galaxy-using-pr...
Ricardo Perez's Galaxy Developers thread that Peter referenced: http://dev.list.galaxyproject.org/ProFTPD-integration-with-Galaxy-td4660295....
When we run proftpd in debug mode we get similar output to the one in Ricardo's thread:
Ricardo's command line output: login002 proftpd[987] login002 (10.28.56.101[10.28.56.101]): mod_sql_passwd/0.4: expected 'PBKDF2$sha256$10000$8h/4HmD1Eu6NTc7F$Slb1H5a9YJvR6A3cUnZCUfh7tOWKfRuh', got 'cc0ef515d684386aaa500bf6499d9f512dfb332c'
Our output: 2016-04-20 10:53:42,597 pcegalaxy proftpd[18649] pcegalaxy.ci.northwestern.edu (lagunitas.kelleher.northwestern.edu[129.105.112.217]): mod_sql_passwd/0.7: expected 'NMmACzgvs8Oh+BCnSw+2GFxpYl7cLiQu', got 'g3L81voHwAEh8y0B9qBImZycWgS0w4Z4'
From looking at the galaxy_user table, it seems like proftpd is finding the correct password information (password in table: PBKDF2$sha256$10000$kgyVpO6N2rWAbeX6$NMmACzgvs8Oh+BCnSw+2GFxpYl7cLiQu).
The last post from that thread mentions back-channel advice that was helpful. Maybe we need the same advice ?
In case it's important we're using LDAP for our general user authentication.
Here is our proftpd.conf: ServerName "Galaxy FTP File Upload" ServerType standalone DefaultServer on PidFile /opt/apps/proftpd/1.3.5/var/proftpd.pid
# Port 21 is the standard FTP port. Port 21
# Don't use IPv6 support by default. UseIPv6 off
# Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. Umask 077
# To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd). MaxInstances 30
# Set the user and group under which the server will run. User nobody Group nobody
# To cause every FTP user to be "jailed" (chrooted) into their home # directory, uncomment this line. DefaultRoot ~
# Automatically create home directory if it doesn't exist CreateHome on dirmode 700
# Allow users to overwrite their files AllowOverwrite on
# Allow users to resume interrupted uploads AllowStoreRestart on
# Bar use of SITE CHMOD by default <Limit SITE_CHMOD> DenyAll </Limit>
# Bar use of RETR (download) since this is not a public file drop <Limit RETR> DenyAll </Limit>
# Do not authenticate against real (system) users AuthPAM off
## Set up mod_sql_password - Galaxy passwords are stored as hex-encoded SHA1 SQLPasswordEngine on
## Set this if Galaxy user UID and/or GID are less than 999 SQLMinID 400
## Configuration that handles PBKDF2 encryption ## Set up mod_sql to authenticate against the Galaxy database SQLEngine on SQLBackend postgres
SQLConnectInfo galaxy_db@localhost:5432 <USERNAME> <PASSWORD> SQLAuthTypes PBKDF2 SQLPasswordPBKDF2 SHA256 10000 24 SQLPasswordEncoding base64 SQLAuthenticate users
## For PBKDF2 authentication SQLPasswordUserSalt sql:/GetUserSalt
## Define a custom query for lookup that returns a passwd-like entry for PBKFD2 ## UID and GID should match your Galaxy user. SQLUserInfo custom:/LookupGalaxyUser SQLNamedQuery LookupGalaxyUser SELECT "email, (CASE WHEN substring(password from 1 for 6) = 'PBKDF2' THEN substring(password from 38 for 69) ELSE password END) AS password2,400,400,'/share/PCEitAdmin/Galaxy/external_users/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"
## Define custom query to fetch the password salt SQLNamedQuery GetUserSalt SELECT "(CASE WHEN SUBSTRING (password from 1 for 6) = 'PBKDF2' THEN SUBSTRING (password from 21 for 16) END) AS salt FROM galaxy_user WHERE email='%U'"
Any advice would be great.
Thanks,
Joe Greer Northwestern University
galaxy-dev@lists.galaxyproject.org